This video describes a security vulnerability found by Pedro Oliveira in the Firefox browser for Android. It allowed an attacker to steal the cookies of a user who visited the attacker’s...
MS Teams – One message that can install malware on your computer – Bug Bounty Reports Explained
This video is about the RCE vulnerability in the desktop clients of the Microsoft Teams application. It describes multiple techniques like XSS via AngularJS client-side template...
Very creative way to turn Prototype Pollution into RCE in Kibana – Bug Bounty Reports Explained
This video is an explanation of a prototype pollution vulnerability in Kibana that, in a super cool and very creative way, was used to achieve remote code execution in...
This video is about an RCE vulnerability in GitHub Pages. The report on HackerOne was rewarded $25,000. The issue exploited a YAML file used to configure Jekyll website...
Zoom – turning on someone’s camera using SQL injection vulnerability – Bug Bounty Reports Explained
This video is about a local SQL injection vulnerability in the Linux and macOS desktop applications of Zoom, a conference app that gained even more popularity as remote...
Today’s video is about Web Cache Poisoning attacks found during the yearly research by James Kettle aka albinowax. The bug bounty reports explained in the video...
This video is about a Grafana SSRF vulnerability that was reported to the GitLab bug bounty program on HackerOne. The reward for this bug was $12,000, as it was possible to...
This video is an explanation of a bug bounty report submitted to the Airbnb program. The vulnerability was an XSS that required 4 different bypasses: – XSS filter bypass...
This video is an explanation of a bug bounty report of a critical vulnerability submitted on HackerOne to the Starbucks bug bounty program. It was secondary context path...
HTTP request smuggling is a technique used to find vulnerabilities in bug bounty programs and penetration tests, rediscovered by PortSwigger in 2019. In the video I...